Protected Health Information (PHI)

Last updated: June 30, 2018

What Does Protected Health Information (PHI) Mean?

Protected health information (PHI) was defined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Among other goals, HIPAA was enacted to protect the privacy of individual patient's information. Pursuant to this act, PHI is any information related to an individual's health. To qualify for the HIPAA's privacy protections, the health information must be linkable to a particular person. This information is referred to as "individually identifiable" health information.

The definition of health information as used in HIPAA is broadly defined. Past, present, or future data regarding the person's physical or mental health are all included. Payments made by individuals to health care providers are included in this definition. However, HIPAA's privacy regulations only apply to information held by covered entities and their business associates or agents. If the information meets all of this criteria, it is considered PHI under federal laws. Other federal and state laws may impose additional privacy restrictions.


WorkplaceTesting Explains Protected Health Information (PHI)

A person's protected health information (PHI) may include insurance and demographic information, medical histories and test results, or any other information collected by a health care provider or covered entity about that person. Under the Health Insurance Portability and Accountability Act (HIPAA), this information is protected regardless of the form in which it is maintained. Thus, covered entities must take precautions to ensure the privacy of written records, electronic records, and that information spoken aloud is not overheard by unauthorized individuals.

A covered entity under HIPAA is any organization that handles personal health records or information. Not only are health care providers such as hospitals and physicians covered entities, but insurers and billing agents that work with hospitals and physicians are included as well. While individuals' health information may be disclosed in certain circumstances, HIPAA regulations require that health care providers and other entities share and transmit PHI in a way that ensures patient privacy.


Share this Term

  • Facebook
  • LinkedIn
  • Twitter

Related Reading


WellnessHealth and SafetyWorkplace HealthEmploymentWorker Health Monitoring

Trending Articles

Go back to top